So basically it's no different than the 999,999,999 other various
cloud-based services companies make use of on a daily basis for all
sorts of stuff.

I've got no guarantee that Google is providing end-to-end encryption on
my Google Docs documents, or my mail, or such, but plenty of companies
(even security-conscious ones) offload their mail, calendaring and even
some document management to them. I'm not sure why folks are holding
Slack to a higher standard.

On 7/12/2015 4:10 PM, Paul Graydon wrote:
> That doesn't indicate end-to-end encryption, just that your
> connections to Slack are encrypted [1]. That leaves any
> communication within their network completely open, and this is a
> company that has been compromised not that long ago. They're
> clearly storing your messages in a format they can read and provide
> to you on demand [2].
>
> For all intents and purposes, you should consider your
> communication unencrypted, and treat it as such.
>
> [1] http://www.cantechletter.com/2015/03/slack-is-secure-says-stewart-butterfield/
> <- With quotes from Slack CEO about the trade-offs they're making.
>
> [2] http://www.theverge.com/2014/11/24/7255199/slack-alters-privacy-policy-to-let-bosses-read-your-messages
> <- wouldn't be possible with end-to-end encryption. They shouldn't be
> able to even *see* the content of messages. It's certainly
> possible to achieve within an end-to-end encrypted model, but not
> how they're doing it.
>
> Paul
>
> On 07/12/15 11:21, Derek Balling wrote:
>> According to Slack, they use encryption. Do you have data
>> contrary to this?
>>
>> https://slack.com/security
>>
>>> On Jul 12, 2015, at 2:10 PM, Paul Graydon
>>> <[email protected]> wrote:
>>>
>>>> On 07/12/15 10:41, Mark McCullough wrote:
>>>> As a security geek, I find the Slack trend … troublesome.
>>>
>>> It particularly disturbs me how many people are passing
>>> confidential and sensitive data over Slack without giving it a
>>> second thought. Everything from customer names, details,
>>> through to architectural information. Even worse are those
>>> using bots to automate their infrastructure, and hooking them
>>> into Slack. You're passing sensitive information through an
>>> unsecured channel (Slack doesn't employ end-to-end security,
>>> and themselves tell you to consider it the same as using
>>> Facebook, public facing email service, etc.), and you don't see
>>> that as a problem? Worse with all powerful bots you're leaving
>>> yourself open to malicious actors taking you down.
>>>
>>> Paul
>>> _______________________________________________
>>> Discuss mailing list
>>> [email protected]
>>> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
>>> This list provided by the League of Professional System
>>> Administrators http://lopsa.org/
>

-- 
I prefer to use encrypted mail. My public key fingerprint is
FD6A 6990 F035 DE9E 3713 B4F1 661B 3AD6 D82A BBD0. You can download it
at http://www.megacity.org/gpg_dballing.txt

Learn how to encrypt your email with the E-Mail Self Defense Guide:
https://emailselfdefense.fsf.org/en/
